Notices by Rysiekúr Memesson (rysiek@mastodon.social)

Google started editing people's e-mails in GSuite, replacing links with a link through google.com:https://mobile.twitter.com/sneakdotberlin/status/1317734739537653760https://twitter.com/tblodt/status/1317875714981416962?s=20

This means that Google will track a click on a link *in e-mail* even if you're using an external client.

I am *guessing* this is under the pretext of phishing protection, but it actually *creates* additional phishing risk for text-only clients, since now all links are google.com links.

#FuckGoogle #privacy

Oh, damn, #2600 seems seriously fscked:
https://2600.com/content/spring-issue-2600-released-important-news

#infosec #sysadmin #hackers

Dennis Skinner was not wrong.

#Samizdat is moving forward nicely. We now have some basic explanation on the landing page, a nicer display of methods used to fetch content, and (just implemented, hot from the CI/CD pipeline!) info on which resources were fetched using which method.

Check it out:
https://cdn.test.occrp.org/projects/samizdat/

Pretty sweet, if I may be so bold to say so!

This is still Proof-of-Concept quality, and so many things can be done so much better. But it works already, in a way.

So, yay!

"Delete and rewrite" lately bacame the feature I use the most in Mastodon.

Not sure what that means.

(and of course I had a typo in this toot so I needed to use it here too... sigh)

So this article about biology and psychology of bad decisions is very relevant to #infosec:
https://www.vox.com/2019/7/23/20702987/brain-psychology-making-hard-decisions

I mean, we all know how phishing tries to create pressure ("somebody knows your password!") and then relies on people clicking stuff and not recognizing their mistake. Turns out, there are biological reasons for this.

Crucial take-away: we're all susceptible.

Obviously, 1. is a decision that needs to be made by individual website owners.

And 2. has already been figured out by... CloudFlare (oh, the irony!):
https://www.cloudflare.com/learning/ssl/keyless-ssl/
https://blog.cloudflare.com/keyless-ssl-the-nitty-gritty-technical-details/

We need a clean-room, FLOSS implementation of Keyless TLS. Nudge. Wink.

One thing I'd love to see is hackers, NGOs, and small media orgs pooling their resources and doing edge caching for each other on their servers.

Most of the time most servers do not use all the bandwidth, so this could help handle peaks in traffic.

Two things would be needed on the tech side: 1. websites becoming more easy to cache (do you really need this bit of dynamic content there?), and 2. some way of doing TLS termination without giving out private keys.

Oh, #Cloudflare was having issues and brought a lot of websites down with it? That's not great.

But thankfully it's not that hard to roll out your own "DDoS protection" (or caching; just call it caching) setup. Here, you can even use our configs: https://git.occrp.org/libre/fasada

Yes, we use them in production, serving sometimes hundreds of thousands views per day.

Patches welcome. #SysAdmin

Mastodon feature request: periodically save the contents of the edit box as a draft, then restore it when the web app reloads itself without warning

#MastoDev #ActualMastoDev

In case you missed it, there's a free open Fediverse alternative to Reddit under construction called Prismo:

@prismo

You can try the first instance at:

https://prismo.xyz

https://prismo.xyz/auth/sign_up

The idea is that each instance is the equivalent of a subreddit, dedicated to a particular topic.

Prismo federates with ActivityPub so you can follow Prismo accounts from Mastodon etc. (The federation isn't completed yet though, so some features are missing.)

#Prismo #Reddit #Alternatives

@wraptile @bhaugen i think all the graphql apis i've been working with so far were totally friendly (say, github). Also, in terms of developer-consumer friendliness, IMO even the worst graphql implementation is nicer to work with than the Best rest api (given they both share exact the same amount of data). Especially that graphql auto-suggests fields and self-documents itself. But, if the implementation is bad, its not really graphqls fault

@rysiek

New keyboard, who dis?

Im Polen hat man mit diesen Darstellungen ein Problem. Deswegen muss das halt weiter gezeigt werden :3